Wednesday, May 25, 2011

java plugin and Linux - are webex .so security risk?

Whilst it is useful that Cisco decided to make available a .jar for cross platform webex viewing, a native Linux client would be much better.

Given that the Apache webserver on GNU / Linux powers two thirds of all internet traffic, and Cisco's business is in routing equipment for the internet (primarily), it seems a little rude not to give back to the GNU / Linux community.

Clicking 'run' for npatsun.jar when Java plugin asks for confirmation:

If you want to participate in the webex, or watch a .wrt file you have locally, then you will have to authorise Java plugin to run the Java.

What this will do is create a .webex directory in your home folder and run the webex process.

The detail in the above screenshot is provided for reference, but just be aware that the Java jar file has placed a .so file named npatgpc.so, in your plugins directory for your browser.

User 1000 is an unprivileged user - that much is good, as the harm the plugin can do is limited. However I am really relying on Firefox own plugin sandboxing of privileges, to prevent that .so from doing something unwelcome to my system.

If all that .so is doing is calling .webex/atrecply to play the .wrt, then maybe there are no worries there.

My advice - when you have finished watching the webex, move out .webex directory to .webex-movedout. You can always reinstate it when you come to want webex participation again.

To permanently remove webex, you would have to also remove npatgpc.so from your plugins directory.

What sort of trail does webex leave when you playback / participate:

...and...

Hopefully those screenshots give you a bit more information, if you want to dig around and find out, what precisely, webex playback / participation will do.

Mozilla.org reports the plugin as 'ActiveTouch General Plugin Container' ( Version 113 ) as shown here:

Browser plugins can affect memory usage and stability of browsers, so generally some good advice might be to only have enabled those you really regularly use.

Move out the webex plugin if you are not using it.

Notes and Further reading:

There are plenty of alternatives to Webex if you are planning on hosting your own web meetings. Do some research or have a look at Yuuguu or